Here are the simple steps you can take to block silly people from using your bandwidth.
In what follows I assume that you are using a real operating system. If you are using Micro$oft "product", well good luck with that 
- Get the list of IPs for the country you wish to block. I get mine from a script I wrote which automatically calculates then adds the CIDR (IP block) from an attacker. But if you do not know how to do this, just go here and use their list.
- For Postfix:
- Add the CIDRs to a file. For example, in file china.txt place the CIDRs:
| 122.102.64.0/19 |
REJECT |
| 122.112.0.0/14 |
REJECT |
- Insert the following line into /etc/postfix/main.cf
smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/china.txt
- restart postfix
- For a webserver:
- Create a file as before. For example, in file china.txt place the CIDRs:
deny 122.102.64.0/19;
deny 122.112.0.0/14;
- include this is file in your deny list. For example:
include /somedirectory/china.txt
Note: The exact format of course depends upon which webserver you are using. There are lots of good ones out there other than Apache (too cumbersome IMHO) but choose one you like and simply add to the deny list as needed.
- For a firewall:
- Let's use shorewall as an example, although the proceedure is much the same for any good IPTABLES firewall. This time the file is simply a list of CIDRs, each on a separate line. For example, in a file called china.txt:
122.102.64.0/19
122.112.0.0/14
- In the 'interfaces' specification file, simply include china.txt in the list of interface files. For example:
net eth0 detect dhcp,tcpflags,logmartians,nosmurfs,china.txt
|
